The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged between both Ipsec gateways. However, the IKE rea time debug does NOT show any output. Why isn't there any output?

A. The IKE real time debug shows the phases 1 and 2 negotiations only. It does not show any more output once the tunnel is up.

B. The log-filter setting is set incorrectly. The VPN's traffic does not match this filter.

C. The IKF real time debug shows the phase 1 negotiation only. For information after that, the administrator must use the IPsec real time debug instead: diagnosedebug application ipsec -1

D. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that the tunnel is operating normally.

Answer: A

Q15. Examine the output of the 'get router info ospf interface' command shown in the exhibit; then answer the question below.

Which statements are true regarding the above output? (Choose two.)

A. Theport4 interface is connected to the OSPF backbone area.

B. The local FortiGate has been elected as the OSPF backup designated router

C. There are at least 5 OSPF routers connected to the port4 network.

D. Two OSPF routers are down in the port4 network.

Answer: A,D

Q16. An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after thechanges, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets and before the arrival of the SYN/ACKs. When the SYN/ACK packetsarrive to the FortiGate, the unit has already deleted the respective sessions. Which TCP session timer must be increased to fix this problem?